With an early comment on Friday in response to the theft of at least $5.5 million from BNB Chain liquidity pools and money markets, decentralized Web3 infrastructure provider Ankr attempted to reassure its community.
The group verified that none of Ankr’s additional products, including as validators, RPC nodes, and AppChain services, were impacted. Owners of Ankr’s other more expensive staking derivatives, particularly aETHc, or Ankr staked ether, with a market cap of roughly $68 million, will be relieved by that.
Six distinct transactions totaling 60 trillion aBNBc were used by the attacker. The criminal then drained liquidity from decentralized exchanges on the BNB Chain using the newly created but unbacked tokens. The attacker was able to raid the borrowing and lending system Helio by withdrawing $16 million in HAY, the protocol’s own stablecoin, and exchanging it for $15.5 million BUSD, the Binance stablecoin released by Paxos, after turning around and purchasing the depressed aBNBc.
According to DeFiLlama, Helio had $90 million in Total Value Locked prior to the attack.
Even with meticulous attention to security procedures, hacks and exploits by bad actors like these are a regrettable possibility in Web3, but we were well-prepared, according to co-founder and CEO Chandler Song.
A suggested “action plan” described how a new ankrBNB token, which will be created and airdropped in accordance with a pre-exploit snapshot of on-chain data, can be used to pay aBNBc users.
It is unknown exactly how the aBNBc smart contract deployer’s private key came to be hacked, even though the attack appears to be the result of malicious usage of the key. To stop this kind of attack, industry best practices recommend using timelocks and multisignature wallets on upgradeable smart contracts.
An inquiry for feedback from Blockworks received no response from Ankr representatives.
While fully decentralized dapps like Uniswap on Ethereum are completely unupgradable, some providers of liquid staked BNB, like pSTAKE, use multisigs to secure sensitive contracts and restrict access to the functionalities necessary to manufacture tokens.
Although the full amount of the collateral damage is not yet known, the Ankr declared their intention to compensate users of connected DeFi dapps for their losses.
For instance, according to Helio Protocol’s official Twitter account, Ankr will pay Helio Protocol’s outstanding debts while negotiations are still ongoing.
Disclaimer: The information provided is not trading advice, Bitcoinworld.co.in holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.